Tag: New York Times

Making Sense of New TSA Procedures

Since they were announced recently, I’ve been working to make sense of new security procedures that TSA is applying to flights coming into the U.S.

“These new measures utilize real-time, threat-based intelligence along with multiple, random layers of security, both seen and unseen, to more effectively mitigate evolving terrorist threats,” says Secretary Napolitano.

That reveals essentially nothing of what they are, of course. Indeed, “For security reasons, the specific details of the directives are not public.”

But we in the public aren’t so many potted plants. We need to know what they are, both because our freedoms are at stake and because our tax money will be spent on these measures.

Let’s start at the beginning, with identity-based screening and watch-listing in general. A recent report in the New York Times sums it up nicely:

The watch list is actually a succession of lists, beginning with the Terrorist Identities Datamart Environment, or TIDE, a centralized database of potential suspects.  … [A]bout 10,000 names come in daily through intelligence reports, but … a large percentage are dismissed because they are based on “some combination of circular reporting, poison pens, mistaken identities, lies and so forth.”

Analysts at the counterterrorism center then work with the Terrorist Screening Center of the F.B.I. to add names to what is called the consolidated watch list, which may have any number of consequences for those on it, like questioning by the police during a traffic stop or additional screening crossing the border. That list, in turn, has various subsets, including the no-fly list and the selectee list, which requires passengers to undergo extra screening.

The consolidated list has the names of more than 400,000 people, about 97 percent of them foreigners, while the no-fly and selectee lists have about 6,000 and 20,000, respectively.

After the December 25, 2009 attempted bombing of a Northwest Airlines flight from Amsterdam into Detroit, TSA quickly established, then quickly lifted, an oppressive set of rules for travelers, including bans on blankets and on moving about the cabin during the latter stages of flights. In the day or two after a new attempt, security excesses of this kind are forgivable.

But TSA also established identity-based security rules of similar provenance and greater persistence, subjecting people from fourteen countries, mostly Muslim-dominated, to special security screening. This was ham-handed reaction, increasing security against the unlikely follow-on attacker by a tiny margin while driving wedges between the U.S. and people well positioned to help our security efforts.

Former DHS official Stewart Baker recently discussed the change to this policy on the Volokh Conspiracy blog:

The 14-country approach wasn’t a long-term solution.  So some time in January or February, with little fanfare, TSA seems to have begun doing something much more significant.  It borrowed a page from the Customs and Border Protection playbook, looking at all passengers on a flight, running intelligence checks on all of them, and then telling the airlines to give extra screening to the ones that looked risky.

Mark Ambinder lauded the new policy on the Atlantic blog, describing it thusly:

The new policy, for the first time, makes use of actual, vetted intelligence. In addition to the existing names on the “No Fly” and “Selectee” lists, the government will now provide unclassified descriptive information to domestic and international airlines and to foreign governments on a near-real time basis.

Likely, the change is, or is very much like, applying a Customs and Border Patrol program called ATS-P (Automated Targeting System - Passenger) to air travel screening.

“[ATS-P] compares Passenger Name Record (PNR) and information in [various] databases against lookouts and patterns of suspicious activity identified by analysts based upon past investigations and intelligence,” says this Congressional Research Service report.

“It was through application of the ATS-P that CBP officers at the National Targeting Center selected Umar Farouk Abdulmutallab, who attempted to detonate an explosive device on board Northwest Flight 253 on December 25, 2009, for further questioning upon his arrival at the Detroit Metropolitan Wayne County Airport.”

Is using ATS-P or something like it an improvement in the way airline security is being done? It probably is.

A watch-list works by comparing the names of travelers to the names of people that intelligence has deemed concerning. To simplify, the logic looks like something like this:

If first name=”Cat” (or variants) and last name=”Stevens”, then *flag!*

Using intelligence directly just broadens the identifiers you use, so the comparison (again simplified) might look something like this:

If biography contains “traveled in Yemen” or “Nigerian student” or “consorted with extremists”, then *flag!*

The ability to flag a potential terrorist with identifiers beyond name is a potential improvement. Such a screening system would be more flexible than one that used purely name-based matching. But using more identifiers isn’t automatically better.

The goal—unchanged—is to minimize both false positives and false negatives—that is, people flagged as potential terrorists who are not terrorists, and people not flagged as terrorists who are terrorists. A certain number of false positives are acceptable if that avoids false negatives, but a huge number of false positives will just waste resources relative to the margin of security the screening system creates. Given the overall paucity of terrorists—which is otherwise a good thing—it’s very easy to waste resources on screening.

I used the name “Cat Stevens” above because it’s one of several well known examples of logic that caused false positives. Utterly simplistic identifiers like “traveled in Yemen” will also increase false positives dramatically. More subtle combinations of identifiers and logic can do better. The questions are how far they increase false positives, and whether the logic is built on enough information to produce true positives.

So far as we know, ATS-P has never flagged a terrorist before it flagged the underwear bomber. DHS officials tried once to spin up a case in which ATS-P flagged someone who was involved in an Iraq car-bombing after being excluded from the U.S. However, I believe, as I suggested two years ago, that ATS-P flagged him as a likely visa overstayer and not as a terror threat. He may not have been a terror threat when flagged, as some reports have it that he descended into terrorism after being excluded from the U.S. This makes the incident at best an example of luck rather than skill. That I know of, nobody with knowledge of the incident has ever disputed my theory, which I think they would have done if they could.

The fact that ATS-P flagged one terrorist is poor evidence that it will “work” going forward. The program “working” in this case means that it finds true terrorists without flagging an unacceptable/overly costly number of non-terrorists.

Of course, different people are willing to accept different levels of cost to exclude terrorists from airplanes. I think I have come up with a good way to measure the benefits of screening systems like this so that costs and benefits can be compared, and the conversation can be focused.

Assume a motivated attacker that would eventually succeed. By approximating the amount of damage the attack might do and how long it would take to defeat the security measure, one can roughly estimate its value.

Say, for example, that a particular attack might cause one million dollars in damage. Delaying it for a year is worth $50,000 at a 5% interest rate. Delaying for a month an attack that would cause $10 billion in damage is worth about $42 million.

(I think it is fair to assume that any major attack will happen only once, as it will produce responses that prevent it happening twice. The devastating “commandeering” attack on air travel and infrastructure is instructive. The 9/11 attacks permanently changed the posture of air passengers toward hijackers, and subsequent hardening of cockpit doors has brought the chance of another commandeering attack very close to nil.)

A significant weakness of identity-based screening (which “intelligence-based” screening—if there’s a difference—shares) is that it is testable. A person may learn if he or she is flagged for extra scrutiny simply by traveling a few times. A person who passes through airport security six times in a two-month period and does not receive extra scrutiny can be confident enough on the seventh trip that he or she will not be specially screened. If a person does receive special scrutiny on test runs, that’s notice of being in a suspect category, so someone else should carry out a planned attack.

(“We’ll make traveling often a ground for suspicion!” might go the answer. “False positives,” my rejoinder.)

Assuming that it takes two months more than it otherwise would to recruit and clear a clean-skin terrorist, as Al Qaeda and Al Qaeda franchises have done, the dollar value of screening is $125 million. That is the amount saved (at a 5% interest rate) by delaying for one month an attack costing $15 billion (a RAND corporation estimate of the total cost of a downed airliner, public reactions included).

Let’s say that the agility of having non-name identifiers does improve screening and causes it to take three months rather than two to find a candidate who can pass through the screen. Ignoring the costs of additional false positives (though they could be very high), the value of screening rises to $187.5 million.

(There is plenty of room to push and pull on all these assumptions. I welcome comments on both the assumptions and the logic of using the time-value of delayed attacks to quantify the benefits of security programs.)

A January 2009 study entitled, “Just How Much Does That Cost, Anyway? An Analysis of the Financial Costs and Benefits of the ‘No-Fly’ List,” put the amount expended on “no-fly” listing up to that time at between $300 million and $966 million, with a medium estimate of $536 million. The study estimated yearly costs at between $51 and $161 million, with a medium estimate of $89 million.

The new screening procedures, whose contours are largely speculative, may improve air security by some margin. Their additional costs are probably unknown to anyone yet as false positive rates have yet to be determined, and the system has yet to be calibrated. Under the generous assumption that this change makes it 50% harder to defeat the screening system, the value of screening rises, mitigating the ongoing loss that identity-based screening appears to bring to our overall welfare.

Hey, if you’ve read this far, you’ll probably go one or two more paragraphs…

It’s worth noting how the practice of “security by obscurity” degrades the capacity of outside critics to contribute to the improvement of homeland security programs. Keeping the contours of this system secret requires people like me to guess at what it is and how it works, so my assessment of its strengths and weaknesses is necessarily degraded. As usual, Bruce Schneier has smart things to say on security by obscurity, building on security principles generated over more than 125 years in the field of cryptography.

DHS could tell the public a great deal more about what it is doing. There is no good reason for the security bureaucracy to insist on going mano a mano against terrorism, turning away the many resources of the broader society. The margin of information the United States’ enemies might access would be more than made up for by the strength our security programs would gain from independent criticism and testing.

The Race to Declare Victory

There are some who might say that the New York Times is an unofficial press office for the Obama administration. I’m not going to say that, but a new Times editorial about the federal ”Race to the Top” education contest would certainly support such a characterization.

Today, it just so happens, I have piece on the Daily Caller pointing out how Secretary of Education Arne Duncan seems to think that just saying, constantly and unreservedly, that RTTT has worked will forestall any debate about whether that is actually the case. The Times’ editorial uses exactly the same tactic.

First, here’s the big pronouncement that, no matter what actually ends up happening with RTTT, it is already a major success:

[E]ven if the program ended today, it already has had a huge, beneficial effect on the education reform effort, especially at the state and local levels.

Really?

To support it’s coronation of the program, the only statistic the Times offers of even slight heft is that “more than a dozen states adopted new laws intended to comply with the rules of the program.”

That is hardly impressive.

For one thing, there are fifty states – thirteen or so isn’t that many.

More importantly, as I point out in the Daily Caller and have noted previously, it appears that most of these legal changes that have been made will have scant practical impact beyond making states more competitive in the RTTT. And there is little reason to believe that even if the changes are potentially meaningful, states will enforce the changes once the states have gotten – or been turned down for – RTTT funds. After all, evasion of any real accountability has been the name of the game for decades.

But you don’t even need to find the changes that states have actually made to see what a Plastic Man-like reach the Times is making. Just look at the other evidence it cites to support its pronouncement:

To apply for grants, state political leaders and education officials had to confer with the leaders of local school districts in ways that were often new to them. Even for states that don’t get grants, the new contacts and conversations will be helpful as education reform moves forward.

Now, if this $4.35 billion program were called Network to the Top, or Chat to the Top, this might make me feel like a well-rewarded taxpayer (though I’d sure like to see some concrete evidence that it opened up myriad new channels of communication). But this is supposed to be drastically raising standards and achievement, not email volume.

Here’s the other major RTTT accomplishment:

It clearly has broadened interest in the rigorous new national standards proposed last month by the National Governors Association and a group representing state school superintendents. That atmosphere could give the new standards, which reflect what students must know to succeed at college and to find good jobs in the 21st century, a real chance of gaining broad acceptance.

Without even getting into the dubious assumption that the draft Common Core State Standards are of high quality, or the very weak empirical case that national standards are beneficial, this point is actually very damning of Race to the Top.

The only reason that RTTT has “broadened interest” in national standards, as the Times so euphemistically put it, is that states essentially had to sign onto the common standards effort to compete for RTTT dough. If they hadn’t had to, many states probably would not have suddenly developed an ”interest” in the national standards push.

This gives the lie to the logically challenged – but oft-repeated – assertion that adopting national standards is “voluntary” for states: It is voluntary only if they want to give up millions of taxpayer dollars. It also suggests that states are in RTTT for the money, which Secretary Duncan has warned they had better not be.

So has RTTT been a huge success? Absolutely not, and it seems the more its defenders insist that it has, the more clear it becomes that they are wrong.

Obama Ringing the Pell

As part of his ill-considered credentialing-to-compete initiative, President Obama wants to greatly increase both the size and availablity of Pell Grants. Under his proposed FY 2011 budget, the total pot of Pell aid would rise from $28.2 billion in 2009 to $34.8 billion in 2011; the maximum award would go from $5,350 to $5,710; and the number of students served would rise by around 1 million.  

A critical question, of course, is whether increasing Pell will ultimately make college more affordable or self-defeatingly fuel further tuition inflation. The New York Times took that up in yesterday’s Room for Debate blog.

Economist Richard Vedder has long educated people about the inflationary effect of student aid, and does so again with great clarity. It’s higher-ed analyst Art Hauptman, however, whom I think best captures what likely occurs when Pell is combined with all the cheap loans and other aid furnished by Washington, states, and schools themselves:

The degree to which student aid affects what colleges and universities charge varies between the Pell Grant and student loans. The Pell Grant has not had much effect on tuition levels in part because the amount of the awards does not vary with where a student enrolls. Institutions cannot affect how much a student receives, and the institutions that charge the most enroll the fewest Pell Grant recipients.

By contrast…there are several good reasons to believe that student loans have been a factor in the rising cost of a college education. Tuition has increased by twice the inflation rate for the past three decades while annual loan volume has increased tenfold in constant dollars.

Unlike Pell Grants…colleges have some control over how much students borrow as loan amounts. Moreover, just as one couldn’t imagine house prices being as high as they now are if mortgage financing were not available, it is difficult to believe that colleges and universities could have increased their charges so rapidly over time without the ready availability of students’ ability to borrow.

[W]e should worry…that increases in Pell Grants may lead institutions to reduce the amount of discounts they would otherwise have provided to the recipients, who are from poor families, and move the aid these students would have received to others. This possibility…is supported by the data showing that public and private institutions are now more likely to provide more aid to more middle-income students than low-income students.

So what’s likely going on? Cheap federal loans – which are available to students of all income levels and vary according to a college’s price – are probably the main direct tuition inflator. More indirectly, Pell probably encourages schools to move other aid from poorer to wealthier students, enabling the latter to pay ever-higher “sticker” prices. In other words, student aid powers tuition inflation!

Which brings me to a quick comment about the submission from College Board economist Sandy Baum, who trots out the standard “declining state appropriations”  to explain our college-price pain.

How many more times do I need to disprove this? Apparently, at least once more:

(Source: State Higher Education Executive Officers)

Public funding is a roller coaster and tuition revenue an incline. Over the last quarter century, per-pupil state and local funding for public colleges and universities went up and down, but dropped overall by a mere $8 per year. In contrast, public colleges’ per-pupil revenue from tuition (net of state and local student aid) rose more or less unabated, growing by about $73 per year. 

This – as well as the fact that private colleges are also guilty of huge price inflation – clearly belies the notion that colleges raise prices because skinflinty governments make them. That might be part of the explanation, but an even bigger part is almost certainly that colleges raise prices because, thanks to ever-growing student aid, they can.

Obama Commands the Impossible

Today’s New York Times reports that President Obama has “ordered the rapid development of technology to capture carbon dioxide emissions from the burning of coal,” as well as mandating the production of more corn-based ethanol and financing farmers to produce “cellulosic” ethanol from waste fiber.

You’ve got to like the president’s moxie.  Faced with his inability to pass health care reform and cap-and-trade, he now chooses to command the impossible and the inefficient.

Most power plants are simply not designed for carbon capture.  There isn’t any infrastructure to transport large amounts of carbon dioxide, and no one has agreed on where to put all of it.  Corn-based ethanol produces more carbon dioxide in its life cycle than it eliminates, and cellulosic ethanol has been “just around the corner” since I’ve been just around the corner.

However, doing what doesn’t make any economic sense makes a lot of political sense in Washington, because inefficient technologies require subsidies–in this case to farmers, ethanol processors, utilities, engineering and construction conglomerates, and a whole host of others.  Has the president forgotten that his unpopular predecessor started the ethanol boondogle (his response to global warming) and drove up the price of corn to the point of worldwide food riots? Hasn’t he read that cellulosic ethanol is outrageously expensive? Has he ever heard of the “not-in-my-backyard” phenomenon when it comes to storing something people don’t especially like?

Yeah, he probably has.  But the political gains certainly are worth the economic costs.  Think about it.  In the case of carbon capture, it’s so wildly inefficient that it can easily double the amount of fuel necessary to produce carbon-based energy.  What’s not to like if you’re a coal company, now required to load twice as many hopper cars?  What’s not to like if you’re a utility, guaranteed a profit and an incentive to build a snazzy, expensive new plant?  And what’s not to like if you’re a farmer, gaining yet another subsidy?

Is the Threat of Cyberattack Growing?

The New York Times dutifully reports that the Director of National Intelligence says it is. But it’s hard to know what that means. The word “cyberattack” has no usefully fixed definition.

And the important questions—plural—include: 1) whether cyberattacks—plural—are growing in number and sophistication more quickly than the capability of infrastructure owners to fend them off and recover from them; 2) which, if any, owners lack incentives to secure their infrastructure and what security externalities they might create; and 3) what levers—such as contract liability, tort liability, or regulation—might correct any such market failures.

Some lines in Director Blair’s statement are quite telling. Compare this:

Terrorist groups and their sympathizers have expressed interest in using cyber means to target the United States and its citizens.

to this:

The cyber criminal sector in particular has displayed remarkable technical innovation with an agility presently exceeding the response capability of network defenders.

Now, which class of actors are you going to worry about—the ones that dream of doing something bad? Or the ones that have the sophistication to do something bad? Probably the latter.

While calling for a federal intelligence-community role in “cybersecurity,” Blair confesses that this is more of a crime problem that the business sector needs to handle than a true national security issue in which the leading role would be played by government.

The good news is that crime syndicates don’t prosper by killing their hosts. Don’t look for catastrophic failure of our technical infrastructures arising from this most serious of “cyber” threats.

There’s no question that cybersecurity is important. But it’s also manageable. I shared my thoughts on “cybersecurity” last year with the House Science Committee.

Giving Away the Keys to the Kingdom?

The New York Times editorial board must be baffled by this news story about a few dozen present and former corporate executives appealing to Congress to expand public funding of political campaigns.

The appeal comes one day after the Supreme Court re-extended (some) First Amendment rights to corporations in a move the editorial board branded a “blow to democracy” that will lead to corporations “overwhelm[ing] elections and intimidat[ing] elected officials.” But now some corporate executives want to be dispossessed of the keys to the kingdom immediately after SCOTUS returned them — say what?

The executives’ appeal makes sense if you’ve read this article by law professor Robert Sitkoff (then of Northwestern, now the John L. Gray Professor of Law at Harvard ). Sitkoff argues that the 1907 Tillman Act, which placed the first federal limits on corporate involvement in campaigns, was not adopted because elected officials wanted protection from corporations, but because corporations demanded protection from donation-seeking politicians like William McKinley and his bagman Mark Hanna. Now, in the wake of the Citizens United decision, corporations are asking for renewed protection — this time on the taxpayers’ dime.

As others have argued, corporations are subject to federal laws, regulations and taxation, just like citizens, and therefore should have First Amendment rights just like citizens. If corporations are afraid their regained rights will expose them to politicians’ demands for corporation-financed political ads, then corporate officers should follow their duty to shareholders and learn how to say no.

As for the New York Times Company’s concern about corporations having undue influence on democracy, there are a couple of things it can do to reduce that influence. For one, the New York Times Company can stop endorsing candidates for office — a practice that undermines newspapers’ claims of fair and objective reporting. For another, the New York Times Company can stop using its reporters to electioneer.

Reading Reality

Today, Politico Arena asks:

“Do they get it?”

My response:

Do the Democrats get it?  A good many of them, like so much of the mainstream media, have long taken their cue from The New York Times editorial page. This morning the Great Gray Lady sallies forth, ideological blinders in place, to pronounce that,  “To our minds, [Tuesday’s result] is not remotely a verdict on Mr. Obama’s presidency, nor does it amount to a national referendum on health care reform.”  Not remotely?  Those Democratic office-holders who continue to sip from that purblind well will soon have plenty of time to do so.

But Republican performance in recent years has hardly inspired.  To their credit, however, Republicans tend to subscribe to principles about government that are closer to the nation’s founding principles – if only they would abide by them.  And so one hopes that, after Tuesday, they will come better to “get it.”